Following the recent revelation that the Chinese Apple App Store had become infected with malware, via dozens of consumer-facing mobile apps that had been built and updated with a compromised version of Apple’s iOS developer software, Xcode, Apple is now urging mobile app developers to verify their Xcode installations. The company reminded developers, via email and a message posted to its website, that they should only run Xcode software downloaded directly from the Mac App Store or the Apple Developer site.
The reminder addresses the root cause of the malware-laden apps: Chinese app developers, including several big-name brands like WeChat, Didi Kuaidi (an Uber competitor), the business card scanning app CamCard, and more, deliberately bypassed warnings from Apple’s “Gatekeeper” software when installing the compromised version of Xcode.
However, their reason for doing so was not really lax security policies, but rather that Xcode – a sizable piece of software – is slow to download from U.S. servers from behind China’s Great Firewall. That often leads developers to turn to local cloud storage sites, like Baidu (where this compromised version was hosted), to get copies onto their machines more quickly.
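As an added example (not from the article, and not Apple's own tooling or wording), here is one way a developer could act on Apple's advice to verify an Xcode installation: Gatekeeper's assessment tool, spctl, reports whether a bundle is accepted and which signing source it came from, and the script below accepts only the Apple sources. The sample spctl outputs embedded in it are constructed, not captured from a real machine, and the exact source strings are assumed from Apple's published guidance.

```sh
#!/bin/sh
# Added example: check an Xcode bundle the way Gatekeeper would, rather than
# clicking past its warning. A legitimately downloaded Xcode is expected to be
# "accepted" with source "Mac App Store" (App Store copy) or "Apple" /
# "Apple System" (developer-site copy); anything else warrants a reinstall.

# xcode_source_ok reads an spctl-style assessment on stdin and returns 0 only
# when the bundle is accepted AND its source is one of the Apple sources above.
xcode_source_ok() {
  verdict=""
  source=""
  while IFS= read -r line; do
    case "$line" in
      *": accepted") verdict=accepted ;;
      *": rejected") verdict=rejected ;;
      source=*)      source="${line#source=}" ;;
    esac
  done
  [ "$verdict" = accepted ] || return 1
  case "$source" in
    "Mac App Store"|"Apple"|"Apple System") return 0 ;;
    *) return 1 ;;   # accepted, but signed by someone other than Apple
  esac
}

# Constructed sample outputs (assumed format: "<path>: <verdict>" then "source=<origin>").
SAMPLE_GOOD='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_BAD='/Applications/Xcode.app: rejected
source=no usable signature'

# On a Mac, assess the installed bundle; spctl prints its verdict and, with
# --verbose, the source line. Elsewhere (no spctl) nothing is run.
if command -v spctl >/dev/null 2>&1; then
  if spctl --assess --verbose /Applications/Xcode.app 2>&1 | xcode_source_ok; then
    echo "Xcode passes Gatekeeper and comes from an Apple source"
  else
    echo "Xcode failed Gatekeeper or has a non-Apple source: reinstall from the Mac App Store or the Apple Developer site"
  fi
fi
```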
According to security firm Lookout, Chinese users, and anyone else who may have downloaded applications from the China App Store, should check whether updates are available for the affected apps. (A full list of the apps Lookout has verified as infected is here.)
If one of the apps is running on your device, you should change your Apple ID and password immediately, and then be wary if you receive any suspicious emails or push notifications in the future – especially those that may ask for personal information.
The malware was designed to pull personal information from victims’ devices, including the device name, country, and unique identifiers, the firm noted. Palo Alto Networks, which was among the first to publish details on “XcodeGhost,” as the malware is dubbed, also said that the malicious software may have been able to push dialog boxes to users’ phones asking for personal information.
However, Apple’s Phil Schiller told China’s Sina website that Apple currently knows of no cases where the malicious apps were able to transmit user data before the apps were pulled from the App Store.